CVE-2024-34683
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:L
Summary
An authenticated attacker can upload malicious file to SAP Document Builder service. When the victim accesses this file, the attacker is allowed to access, modify, or make the related information unavailable in the victim’s browser.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| SAP_SE | SAP Document Builder | S4CORE 100 | affected |
| SAP_SE | SAP Document Builder | 101 | affected |
| SAP_SE | SAP Document Builder | S4FND 102 | affected |
| SAP_SE | SAP Document Builder | 103 | affected |
| SAP_SE | SAP Document Builder | 104 | affected |
| SAP_SE | SAP Document Builder | 105 | affected |
| SAP_SE | SAP Document Builder | 106 | affected |
| SAP_SE | SAP Document Builder | 107 | affected |
| SAP_SE | SAP Document Builder | 108 | affected |
| SAP_SE | SAP Document Builder | SAP_BS_FND 702 | affected |
| SAP_SE | SAP Document Builder | 731 | affected |
| SAP_SE | SAP Document Builder | 746 | affected |
| SAP_SE | SAP Document Builder | 747 | affected |
| SAP_SE | SAP Document Builder | 748 | affected |
Weaknesses
- CWE-434: CWE-434: Unrestricted Upload of File with Dangerous Type
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://me.sap.com/notes/3459379
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
References
- https://me.sap.com/notes/3459379
- https://support.sap.com/en/my-support/knowledge-base/security-notes-news.html
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.